
Windows Updates - AV scanning although defined exception

Hi,

I checked my WebFiltering logs regarding a problem with downloading MS Windows updates for my Windows 7 client.
It looks like the download is scanned by the AV engines although an exception is defined:

/var/log/http/2016/06/http-2016-06-03.log.gz:2016:06:03-11:12:33 jasnet httpproxy[629]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.11" dstip="92.123.195.41" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (HTPC)" filteraction="REF_HttCffHtpc (HTPC)" size="16265332" request="0xdd9e1600" url="download.windowsupdate.com/.../windows6.1-kb3138962-x64_ffeef5bfb9d8cef2870d3d6874ef5ffcd7416222.cab" referer="" error="" authtime="0" dnstime="0" cattime="185" avscantime="1201702" fullreqtime="5960882" device="0" auth="0" ua="Microsoft BITS/7.5" exceptions="av,sandbox,ssl,fileextension,size" category="175" reputation="trusted" categoryname="Software/Hardware" content-type="application/vnd.ms-cab-compressed"

This didn't happen to all the downloaded updates, only to a few. When I download the above update directly with Edge, the file is not scanned.


The problem itself was solved. I have no idea what it was, but after I connected the client directly to the Internet, the update process started. After that, the update works behind the UTM again.

Thank you!

Jas Man



  • There are two things I can think of:

    1) perhaps there is something odd about how your exception is defined or was used.

    2) BITS uses range requests (asks for the middle of a file) which AV scanning hates. Although an AV exception is supposed to allow all range requests, maybe there is a problem.

  • Hi Michael,

    thank you for your answer.


    To 1) I use the exception which is included in the UTM. The exception is based on simple URLs. The download URLs above are included.

    To 2) This could be the reason. Anyway, the problem itself was solved and new updates are working again.

    Jas Man
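
To see how often the mismatch discussed in this thread occurs, the following added example (not part of the original posts and not vendor code) parses log lines in the key="value" layout quoted above and lists requests where `exceptions` contains `av` but `avscantime` is nonzero, grouped by user agent. The sample lines, hostnames and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread), same key="value" layout.
SAMPLE_LOG = """\
2016:06:03-11:12:33 utm httpproxy[629]: id="0001" action="pass" method="GET" srcip="192.0.2.11" url="updates.example.test/a.cab" avscantime="1201702" fullreqtime="5960882" ua="Microsoft BITS/7.5" exceptions="av,sandbox,ssl,fileextension,size" content-type="application/vnd.ms-cab-compressed"
2016:06:03-11:14:02 utm httpproxy[629]: id="0001" action="pass" method="GET" srcip="192.0.2.11" url="updates.example.test/b.cab" avscantime="0" fullreqtime="48211" ua="Microsoft BITS/7.5" exceptions="av,sandbox,ssl,fileextension,size"
2016:06:03-11:20:45 utm httpproxy[629]: id="0001" action="pass" method="GET" srcip="192.0.2.12" url="www.example.test/setup.exe" avscantime="90211" fullreqtime="120993" ua="Mozilla/5.0" exceptions=""
"""

# Keys may contain a hyphen (content-type), values never contain a quote.
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def av_exception_mismatches(log_text):
    """List requests that matched an 'av' exception yet report AV scan time."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        exceptions = {e for e in fields.get("exceptions", "").split(",") if e}
        try:
            scan_time = int(fields.get("avscantime", "0"))
        except ValueError:
            continue  # malformed counter: skip rather than guess
        if "av" in exceptions and scan_time > 0:
            hits.append({"url": fields.get("url", ""),
                         "ua": fields.get("ua", ""),
                         "avscantime": scan_time})
    return hits


def mismatches_by_user_agent(log_text):
    """Count mismatches per user agent, e.g. to compare BITS with browsers."""
    return Counter(hit["ua"] for hit in av_exception_mismatches(log_text))


if __name__ == "__main__":
    for hit in av_exception_mismatches(SAMPLE_LOG):
        print(hit)
    print(mismatches_by_user_agent(SAMPLE_LOG))
```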